Announcement

Collapse
No announcement yet.

A Look At The Relative Spectre/Meltdown Mitigation Costs On Windows vs. Linux

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by Etherman View Post
    Interesting. I personally choose the performance option.
    How did you get your system "Unpatched"?
    I'd like to know how to do so both on Windows and Linux Mint.

    Thank You.

    Comment


    • #12
      Originally posted by Venemo View Post
      Are these mitigations still necessary? I thought Intel has released a microcode update to fix it.
      The microcode does nothing by itselt, it simply exposes certain functionalities necessary for the kernel to mitigate those bugs in certain architectures.
      ## VGA ##
      AMD: X1950XTX, HD3870, HD5870
      Intel: GMA45, HD3000 (Core i5 2500K)

      Comment


      • #13
        Originally posted by treba View Post

        No, they microcode updates only allow certain mechanisms like IBRS, IBPB and STIBP to be used. That is AFAIK only about spectre variant 2 and generally much slower than solutions like retpoline, while arguably being more save.

        So no, especially meltdown is not going to be fixed by microcode updates but only by new hardware. On AMD you don't need have meltdown, so the difference in performance should be much smaller.
        Retpoline is NOT safe for Skylake+ architectures: https://lkml.org/lkml/2018/1/22/598

        "Then there's Skylake, and that generation of CPU cores. For complicated
        reasons they actually end up being vulnerable not just on indirect
        branches, but also on a 'ret' in some circumstances (such as 16+ CALLs
        in a deep chain).

        The IBRS solution, ugly though it is, did address that. Retpoline
        doesn't."
        ## VGA ##
        AMD: X1950XTX, HD3870, HD5870
        Intel: GMA45, HD3000 (Core i5 2500K)

        Comment


        • #14
          Originally posted by Royi View Post

          How did you get your system "Unpatched"?
          I'd like to know how to do so both on Windows and Linux Mint.

          Thank You.
          For Linux you can actually compile it without CONFIG_PAGE_TABLE_ISOLATION and CONFIG_RETPOLINE. Or pass 'nospectre_v2 nopti' in the kernel command line - usually settable in your bootloader configuration, e.g. GRUB_CMDLINE_LINUX in /etc/default/grub on Debian (and then run 'update-grub').

          For Windows look at this and search for "Disable this fix" - or possibly uninstall the relevant updates, but others may rely on them.

          Comment


          • #15
            Originally posted by GreenReaper View Post

            For Linux you can actually compile it without CONFIG_PAGE_TABLE_ISOLATION and CONFIG_RETPOLINE. Or pass 'nospectre_v2 nopti' in the kernel command line - usually settable in your bootloader configuration, e.g. GRUB_CMDLINE_LINUX in /etc/default/grub on Debian (and then run 'update-grub').

            For Windows look at this and search for "Disable this fix" - or possibly uninstall the relevant updates, but others may rely on them.
            Any proper, clear and simple guide on how to disable those?
            Preferably without compiling the kernel but on a given system (Linux Mint 18.3 for that matter).

            Comment


            • #16
              I thought the above was pretty clear, but if you'd like more detail on editing the kernel command line (which I can appreciate, if you've not done it before) try this guide: https://www.howtoforge.com/tutorial/...arameter-edit/

              Be aware that a few people have reported degraded performance with the feature compiled in, even if it is disabled, which is quite possible as it changes the resulting code.
              Last edited by GreenReaper; 05-10-2018, 02:23 PM.

              Comment

              Working...
              X